AVP EAP-KEY name support in FR

Srinu Bandari sbandari at vitesse.com
Wed Feb 13 10:59:37 CET 2013

We are trying to bring up MACsec with Cisco and FR, and we are stuck because of Radius unable to send EAP-Key-Name AVP. Below is what is expected as per RFC4072

RFC4072 says "A home Diameter server receiving a
   Diameter-EAP-Request with a Key-Name AVP with non-empty data MUST
   silently discard the AVP.  In addition, the home Diameter server
   SHOULD include this AVP in Diameter-EAP-Response only if an empty
   EAP-Key-Name AVP was present in Diameter-EAP-Request."

But radius server is not sending EAP-Key-Name AVP (Radius Attribute Type 102) even invalid AVP present in the Diameter-EAP-Request".

Below is the debug print of radius

Sending Access-Accept of id 647 to port 1645
        MS-MPPE-Recv-Key = 0x84e5c624c3bcdeadca3c6210f24bd7b8336921ccc1c58399d397afc75770332c
        MS-MPPE-Send-Key = 0xa6c4860cc8092c251502f5adc3ee13586e05fe84cbbb8b6793b08d9523d12b1f
        EAP-Message = 0x03060004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "user1"

Does anyone have clue on this.

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130213/e339f1c2/attachment.html>

More information about the Freeradius-Users mailing list